Is Comcast Intercepting Packets?

nihilist_1137 writes: "According this page, comcast is intercepting your packets to gain knowledge of your whereabouts and then reselling it to marketers." According to the linked message, "This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for subsidiaries or resale to marketers. Maybe they want to do their part in The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data."

Isn't this just a normal Transparent Proxy???

[tupps]

Both Cable Internet Providers and I am sure many other ISP's in Australia use Transparent Proxies.

Much easier to setup on the client side and you catch people who leave out the proxy information.

The fact that the server has other capabilities doesn't mean that they are actually using this stuff. If someone can show me a link to the page where I can buy the marketing data, *then* i will believe you.

This is just speculation.

This is not a story...

[DaSyonic]

I think the fact that this was mailed to bugtraq yet it apparantly got denied is proof of that...

Many ISPs do transparent caching. Transparent caching at ISPs is more than acceptable. It's not acceptable when major backbones do it, as has happened in the past.

The fact that they can log what you do is just a side effect. The same can be done WITHOUT transparent caching. The 'author' says they added hardware just for this. Well of course they did! They're just trying to speed up access without needing as big of a link needed without using transparent caching.

And at any rate, I'm surprised this got posted. It's just some guy posting to two mailing lists, which got denied at that!

Ultimately though, I feel ISPs should provide a means to remove you from having your link transparently cached. If they do that, then you can't blame them for trying to save bandwidth. The results of a transparent cache can be substantial!

Re:This has to be illegal

[bourne]

Isn't tapping internet connections the same, legally, as a phone tap?

Probably, but this probably isn't "tapping internet connections." I'll bet you dollars to donuts that when Comcast gets called on this, they'll explain how they're only "capturing and keeping limited information" with "aggregate identification only" so that they can "optimize their network configuration" or something like that. The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long.

They might even be telling the truth. Not that we care - who wants to be the first to write an app that makes random requests to random domains constantly so as to screw up their database?

Evidence, please?

[1010011010]

How do we not know they're just implementing a web cache to save money and provide better service? Lots of ISPs do this. Why page to get the pictures from the homepage of cnn.com 458,765 times an hour when once will do?

This allows them to monitor and change (or insert ads into) what you read.

Posh. Fear-mongering. Come back with some evidence -- and I'll be as against it as the next guy. And if they are actually inserting ads, then they'll probably be in court with CNN, Disney, etc, so forth, for modifying and distributing copyrighted material.

Interestingly, regardless of what IP you address the packet to, the Inktomi Traffic-Server reads the Host: field to determine where to send the packet. I sent several packets from my home machine to one of my office machines, inside the packet was "Host: www.comcast.net". Comcast illegally intercepted, misinterpreted and altered this packet, and sent it to www.comcast.com. So, you might say there's a bug in this evil Inktomi Traffic-Server thing.


Oh, shut up. That's how a transparent proxy works. I suppose the Linux facilities for transparent proxing -- available for years now -- are also evil?

Where's my clue-by-four...

Hold your horses...

[Calrathan]

Now wait a second. Before we all flip out and start bashing ComCast, lets realize a couple things.

Number one, this guy just got transitioned. A lot of people all over the country have been going through the same thing, and not everyone is seeing the same thing as him. As 'hostman' from the MESH (Michigan Engineering Software and Hardware http://misc.eecs.umich.edu/) discussion email list wrote:

"This whole thread got me a bit peeved, so I went home and ran a few tests. I was unable to find any evidence of the packet modification described. It is possible the described issue is not an issue here in A^2, as we 'transitioned' from MediaOne's service, not @Home..."

Secondly, your ISP has the right to monitor traffic to ensure quality of service. Just because the caching part of the server is not currently running, it does not mean that they aren't phasing it into the system. At this point it's just speculation. They might even have more rights to monitor what you're doing, depending on your service agreement. Read it.

Lets get some REAL evidence of what's going on other than this hear-say. Someone show us some modified packet headers, and someone else reproduce those results, and MAYBE I'll believe it then.

This could be a big oops for Comcast

[Joe+Decker]

If they're collecting the data themselves, instead of using a third party, I believe they would be in direct violation of the Cable TV Privacy Act of 1984.

While IANAL, I work in the digital television middleware industry and have been involved in making sure that we do not inadvertantly let our customers run afoul of that precise law. It's not just the law, it's a good idea.

Re:This has to be illegal

[hex1848]

Its all in the terms of service:

COLLECTION, USE AND DISCLOSURE OF INFORMATION ON
SUBSCRIBER USE

Collection of Information: Comcast collects, uses and releases information on Customer use of the Service as necessary to render the Service, to otherwise undertake legitimate business activities related to the Service and to comply with law. Comcast may collect information in accordance with applicable law concerning Customer's use of the Service and customer preferences which are reflected in the choices that a customer makes among the range of services offered as part of the Service, the time that the customer actually uses the Service, the menus and features used most often by the Customer, and other information about a customer's "electronic browsing."

Use of Information: Collecting information contained in transmissions made by Customer through the Service directed at Comcast, its Underlying Providers, Internet web sites, or other service providers to which access is provided as part of the Service, is necessary to provide the Service. Comcast's detailed business records generally are used to help make sure customers are properly billed; to send customers pertinent information about the Service; and for accounting purposes. Customer information is also used to execute requests and orders placed by customers with advertisers, merchants, and other service providers; to understand customers' reactions to various features of the Service or the Internet; and to personalize the Service based on the interests of customers. Such information helps Comcast improve the Service and uncover unauthorized access to the Service or Customer data and may be provided to law enforcement agencies in the event of such unauthorized access.

Confidentiality of Information: Comcast considers the personally identifiable Customer information that is collected to be confidential. Comcast will disclose to third parties personally identifiable information that Comcast maintains related to customers only when it is necessary to deliver the Service to customers or carry out related business activities, in the ordinary course of business, for ordinary business purposes, and at a frequency dictated by Comcast's particular business need, or pursuant to a court order or order of any regulatory body having jurisdiction over matters which are the subject of this Agreement. Additional information regarding disclosure of personally identifiable information is described in the Privacy Statement which can be accessed through the Comcast High-Speed Internet Service home page.

I work for a phone company

"The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long."

I work for a phone company.
No, we sure as hell DON'T have a database. (atleast in Canada). There are only 3 times we keep track.

1. As per customer request (traffic studies, getting prank calls)

2. As per warrant (court order required!)

3. For long distance billing. (we need to know how much to charge you)

local calls are not recorded - we have to add an option in your line programming for that - after meeting one of the above requirements.

Re:I work for a phone company

[pestihl]

I work for QWEST, which is a huge phone company here in the US. It is impossible to have digital switches and not be tracking the calls in some database somewhere.
Mostly because of one reason, Inter-State Inter-Lata rules and other smaller FCC phone line fair use rules. Qwest, Sprint, MCI and thousands of other businesses and sometimes counties own the phone lines and the switches. If I make a call, EVEN Out of country, and Go from Qwest owned phone lines to your Canada owned phone lines, Qwest and the Canadian owned company have to reach a agreement on what to charge for the usage, BY THE SECOND.
Third party companies house these charges. The company Qwest uses is called Telview, found at http://www.telveiw.com; it's called a TARIFF library, Telview makes their money by handling these charges and selling them to telecoms. EVERY digital switch in the world uses some system like this, or in conjunction with.
Now the database in play comes in not to track who you are calling so much. But because once your voice packet leaves Qwest lines it is not their propriety anymore and someone has to pay for the usage. Thus MCI can say you as a Qwest user, used X amount of trunk access on their lines, and charge Qwest X amount of dollars for those seconds. Qwest logs roughly about 140+ million phone calls a day, their system is considered by the FCC to be the definitively correct system, In audit type disputes The FCC will even use Qwest records as a third party advisor, because we track EVERYTHING, even all of the other telecoms, and almost all in the world. We just made it into Europe last summer. Anyway these millions and millions of minutes are charged at as low as -5 cent a minute to crazy 15+ cents a minute. It goes negative because of anti-monopoly issues regarding start up telecoms. Seconds are rounded and tracked to the nearest thousandth. On Qwest's system, an audit system HAS to be in place, this is part of FCC regulation crap, not to mention allows the FCC to more or less do their job. Generally that database doesn't have names in it. But the billing database that does have all your names in it if you subscriber to Qwest, private or not.... is a simple sql call away, it quite latterly lives in the same server farm... No stored procedures can link the two databases by LAW. Unless a search warrant is in place. Then with the officer there, we can link them. But the link has to be deleted also under the officer's super vision. Your records are tracked as up to two years, then deleted off, one month at a time. So two years ago to last month, we have no clue of whom you called, and are really glad to have a little more space.
The rule is if you can't use a blue box on your phone line, then you are traceable down to that specific phone. Digital Switch = Trackable.

p.s. For those who wonder, The system is Called NTU, Network Transaction Usage. We use Perl to gather data off the switches, not every switch is alike, including the os they run and the data needs to be parsed for the database. A HP/UX demon is used to process rules, and sort out how they should be poked into the database. While an oracle database floating on 36 partitions in a huge raid system is used to house the data while it lives. The machine NEVER goes down, even it does go down, monitor machines can quite literally mirror the drives and swap out so no data is ever lost. The coolest thing I've ever seen was my cowboy boss walk over to this multi-billion dollar a year machine and say, "Time to test the emergency backup units." These machines are located in other states altogether btw. Then he just pulls the power cord out of this rack mounted 8 by 8.

Re:This has to be illegal

[yintercept]

Comcast considers customer information that is collected to be confidential

Of course they consider it "confidential". You get a lot more money when the information you're selling is confidential!!!!

Re:This has to be illegal

[Kalrand]

>who wants to be the first to write an app that makes
>random requests to random domains constantly so as to screw up their database?

You mean actually follow the links on a slashdot story?

Re:Crypto.

[Corgha]

IANAL, but I'd say you have just about as much expectation of privacy as you do sending unencrypted voice over the public telephone network, which is to say a substantial expectation.

Data on a switched network between two large ISPs is no easier to intercept than voice going between two large phone companies. In fact, I daresay it would be easier for me to tap my neighbor's phone than his cable modem (I could do it with a pair of pliers and some wire); it would, however, be illegal and IMO wrong for me to do so.

Bottom line: even though it may be *possible* for nefarious people to tap your phone, put bugs in your living room, or even implant a chip in your brain, you can still have an expectation of privacy. Not wrapping your house in tinfoil does not mean you're giving up your right to privacy, because your home is not a public forum. The wires between you and a web server do not constitute a public forum by any stretch of the imagination (even if the server happens to be hosting a public forum). Not using HTTPS does not consitute an abdication of privacy.

If you run a packet sniffer and look at other people's data, good luck convincing a judge that you weren't doing something bad under Section 2511 because the data wasn't encrypted.

"Hey, his front door wasn't locked, so I didn't really steal his TV..."
"Hey, the guy didn't use The Club, so this really isn't Grand Theft Auto..."
"Hey, she was wearing that short skirt; she deserved it..."